first fine in Lithuania

First GDPR fine issued in Lithuania

A year after GDPR came into force, the Lithuanian Data Protection Authority (VDAI) has issued its first administrative fine. UAB ‘Mister Tango’, a company that provides financial operation services globally, was fined 61,500 EUR in respect of GDPR Articles 5, 32 and 33 relating to improper processing of personal data in instant screen images (screenshots).

Improper processing of personal data

Of the company’s images, 9000 were found to contain personal details and payment session copies of customers of 12 different banks in different countries. It was also found that ‘Mister Tango’ processes an extensive amount of personal data that is not stated in its privacy policy, which violates GDPR Art. 5.

Furthermore, for at least 2 days the list of processed payments showing customers’ data was visible online. Disclosure of personal data is treated as a personal data breach and must be reported within 72 hours (GDPR Art. 33). However, VDAI was not informed about the incident.

Data Protection Authority investigation

Before deciding to impose the fine, the VDAI considered all the factors relative to whether or not ‘Mister Tango’ acted to the best of its abilities in making sure that data processing was transparent, compliant and secure.

VDAI concluded that ‘Mister Tango’ doesn’t have the necessary technical and organisational security measures in place to ensure the required level of safety, including protection against unauthorised processing or disclosure (GDPR Art.32).

The VDAI’s decision has not yet come into force and can be appealed against through the court.

The original source: Įmonės atsakomybės neišvengs – Lietuvoje skirta ženkli bauda už Bendrojo duomenų apsaugos reglamento pažeidimus

More on this topic:

Get your compliance organized with proper GDPR tools.
Contact us for a demo and get access to 14-day trial.

Save time and be confident

Latest Posts
How to Avoid ICO Fines: Lessons from Recent GDPR Spam Text Penalties

How to Avoid ICO Fines: Lessons from Recent GDPR Spam Text Penalties

Lessons for Legal Teams: Avoiding Costly Mistakes in Data Privacy ComplianceData privacy is no longer a secondary concern for businesses—it's...
Privacy Rights and it’s Challenges – 6 Years of GDPR

Privacy Rights and it’s Challenges – 6 Years of GDPR

Six years since GDPR came into force, the promise of stronger data protection is being undermined by the rise of...
Staying Ahead of GDPR Compliance: Lessons from LinkedIn’s €310 Million Fine

Staying Ahead of GDPR Compliance: Lessons from LinkedIn’s €310 Million Fine

LinkedIn Ireland was recently fined a record-breaking €310 million by the Irish Data Protection Commission for GDPR violations, underscoring the...
Preparing Your Small Business for GDPR Compliance

Preparing Your Small Business for GDPR Compliance

The General Data Protection Regulation (GDPR) is a European Union law that protects the privacy and personal data of individuals...
The GDPR Data Map – Your Complete Guide

The GDPR Data Map – Your Complete Guide

The General Data Protection Regulation (GDPR) is a European regulation establishing the framework for personal data protection of individuals in...
GDPR in Healthcare: Compliance Guide

GDPR in Healthcare: Compliance Guide

Since General Data Protection Regulation (GDPR) entered into force, the personal data protection has become more challenging to the Healthcare...
GDPR software: 10 Great Tools For Compliance in 2024

GDPR software: 10 Great Tools For Compliance in 2024

In this article, we will introduce you to some useful GDPR software tools which may help you reach GDPR compliance...
The lawful basis for Data Processing under the GDPR

The lawful basis for Data Processing under the GDPR

A lawful (or legal) basis for processing data must be satisfied before a business can process any personal data. Article 6...
The EU-U.S. Data Privacy Framework: A Transatlantic honeymoon for data flows, but for how long?

The EU-U.S. Data Privacy Framework: A Transatlantic honeymoon for data flows, but for how long?

The European Commission concluded that the United States ensures adequate protection for personal data transferred from the EU to U.S....
A Comprehensive Guide to Personal Data Mapping

A Comprehensive Guide to Personal Data Mapping

Introduction Data privacy and security are of utmost concern in the digital era of today, especially when it comes to...